• DocumentCode
    1835375
  • Title

    Towards agile security risk management in RE and beyond

  • Author

    Franqueira, Virginia N L ; Bakalova, Zornitza ; Tun, Thein Than ; Daneva, Maya

  • Author_Institution
    Univ. of Twente, Enschede, Netherlands
  • fYear
    2011
  • fDate
    30-30 Aug. 2011
  • Firstpage
    33
  • Lastpage
    36
  • Abstract
    Little attention has been given so far to the process of security risk management at the early stages of system development. Security has been addressed by isolated security assurance practices, some of which consider risks and mitigations, but they do not provide an overview of the overall security state of the system being developed. This paper takes the position that (1) these isolated security assurance practices should be fully integrated and should be embedded in short iterations of risk assessment, treatment and acceptance, providing input for updating security requirements and for security risk management, and that (2) available empirical data from public catalogs and databases should be used as a source of expertise, to leverage past experiences, and therefore reduce, although not eliminate, subjectivity of human judgment. Borrowing from the agile software development and project management philosophy, we introduce the idea of a lightweight, agile approach to security risk management integrated into the development life cycle.
  • Keywords
    project management; public information systems; risk management; security of data; software prototyping; agile security risk management; agile software development; human judgment; isolated security assurance practices; project management; public catalogs; risk assessment; risk treatment; system development; Catalogs; Databases; Programming; Risk management; Security; Software; Testing; Agile Software Development; Information Security Risk Management; Secure Engineering; Security Assurance;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Empirical Requirements Engineering (EmpiRE), 2011 First International Workshop on
  • Conference_Location
    Trento
  • Print_ISBN
    978-1-4577-1075-9
  • Electronic_ISBN
    978-1-4577-1076-6
  • Type

    conf

  • DOI
    10.1109/EmpiRE.2011.6046253
  • Filename
    6046253